Don't Wait for a Catastrophe or a Security Breach

Begin your Disaster Recovery & Business Continuity Plan Now

Just because you can't afford to pay consultants and analyst firms tens of
thousands of dollars, there's no reason your company can't apply industry
recognized best practices in your disaster recovery, business continuity, and
security planning. Make sure you cover every critical detail with the planning
framework provided by Building a Comprehensive Disaster Recovery and Business
Continuity Plan using our PROVEN template. (The authors of this plan created
the plan and facilities that Merrill Lynch used after 9/11).

This template has been used by enterprises of all sizes and scopes. It is a
practical tool that can be implemented quickly to meet the needs of your
enterprise.

As an added bonus, if you order any of the templates in this letter, just drop
me a note with your order number and I will send you a copy of our sensitive
information policy that complies with both Sarbanes-Oxley and the 2006 Patriot
Act.

phone: 435 940-9300 x 101

Once you order the product, we will send you download instructions via e-mail.

If you have ordered before and have forgotten your password, just follow the
instructions on the order form and your password will be sent to you via
e-mail.

DRP/Business Continuity Template GOLD Edition
The Gold Edition includes the Disaster Recovery Business Continuity template in
WORD format and the 202 Internet and IT Position Descriptions, which come as
individual WORD files - one for each job description.
Our Price: $1,099

DRP/Business Continuity and Security Template GOLD Edition
The Gold Edition includes the DR/BC template; Security Manual Template; 202
Internet and IT Position Descriptions, which come as individual WORD files; and
DiskMonitor Utility Program.
Our Price: $1,499

PREMIUM Edition
The Disaster Recovery Business Continuity Template PREMIUM Edition includes
both the FULL template in WORD format plus the DRP Management Job Description
Bundle, which includes 12 detailed job descriptions.
Our Price: $749

PREMIUM Edition
The DR / BC and Security Template PREMIUM Edition includes both templates in
WORD format; 27 detailed DRP, BCP and security job descriptions; and the single
user DiskMonitor Utility Program.
Our Price: $1,299

Template Only
The Disaster Recovery Business Continuity Template in WORD format.
Our Price: $349

Templates and DiskMonitor
The DRP / BC and Security Template Bundle includes the single user DiskMonitor
Utility Program.
Our Price: $899

Latest News

05/17/2012 - BYOD improves productivity
The latest results from a quarterly survey of IT
decision makers show that a significant number of companies with tablets
deployed are seeing productivity gains tied directly to their use.
In the survey of over a thousand IT decision-makers, 74% indicated that using
tablet computers and smartphones led to an increase in productivity in their
organization while 25% of those said it has led to a significant increase. In
addition, half of those surveyed said they felt the use of tablets and
smartphones has led to cost savings in their organization.
Addressing the so-called BYOD (Bring
Your Own Device) trend, 64% of the IT decision-makers at large businesses
reported that consumer technology adoption has led to cost savings, while 42%
said they experienced significant cost savings.

05/12/2012 - Mobile devices put a strain on help desk staff
IT help desks need to focus more of their resources on
handling mobile computing. Even though remote access is only available to
one third of mobile workers and instant messaging is only available to one
quarter, CIOs need to consider new technologies when providing support to
workers who do not have ready access to in-person support options. Policies and
performance metrics are a must.
Documenting a clear set of IT policies is a resource-intensive process for
CIOs and their staffs due to the research and writing time involved. And once
policies are created, the next step is to communicate and gain acceptance for
those policies throughout the organization. Wouldn't it be nice to start with
boilerplate templates that require only minor customizing?

04/29/2012 - Meeting productivity improvement
Ideas to improve meeting productivity:
- Have agendas with goals and objectives. It's considered bad business manners
to send a meeting request without providing an agenda. When calling a meeting,
focus the agenda on expressly stating the goal(s) of the meeting.
- Replace the default 60-minute meeting time slot with a 20-minute meeting
unit. For some inexplicable reason, people seem to naturally default to 60
minutes as the amount of time needed for a meeting. And while that may be the
case in certain circumstances, it should not be the default position. In place
of a 60-minute default time slot, adopt the 20-minute meeting unit. If a
particular topic needs more time than that, it is up to the meeting organizer
to convince the participants that two (or three, or four) meeting units of 20
minutes are necessary.
- Have people stand during the meeting. It is too easy to "waste time"
when everyone is sitting.
- Orient the meeting toward follow-ups and actions. Meetings produce lots of
ideas and discussion. That's wonderful. But the real purpose of most meetings
is to agree on next steps and actions. Keep a focus on targeted actions and
your meetings will be productive. Allow them to become discussion forums for
"important issues," and they will feel long and painful.
 

04/15/2012 - Labor Force Participation Rate at Lowest Level in over 40 Years
The BLS data shows that the participation rate in the job market is at levels
that have not been seen since the 1970's. In March of 2012 the work force
participation percentage of all employees (male and female) was at 63.8%
according to the BLS data.

Assuming that there is a significant downsizing of the military and there are
no new programs to get jobs for soldiers coming home, then the true
unemployment levels will not go down for some time.

04/11/2012 - Mobile device usage improves productivity

Today's most productive employees are not tied to a desk, an office, or a
location. They are mobile. And your company's IT strategy has to be ready to
support them with easy, reliable, 24/7 access to the business information they
need, from anywhere in the world, across a broad range of communication devices.

Mobile content management increases user productivity, ramps up customer
engagement, enhances customer service, maximizes collaboration and drives more
effective business decision-making.

04/03/2012 - Disaster planning state of the art solutions

Not all disaster recovery applications are created equal. There are three main
methods for providing backup for virtual environments in the industry today.
Understanding how these methods impact your environment as a whole is key to
making sound decisions when choosing the correct application for your business.
In our Disaster Recovery Planning Template, Janco presents:
- Review these methods to compare and contrast the impact on the environment
- Strategies
- See how each method affects the backup window and storage and the MTPOD
(Maximum Tolerable Period of Recovery)
- Present state of the art solutions to the global body of knowledge
for DR/BC, including current international standards and best
practices.

03/30/2012 - EU Proposes New Security Requirements
The EU proposed the replacement of Data Protection Directive 95/46, an
important component of EU privacy and human rights law under which organizations
in both the public and private sector have been operating for thirteen years.
It would reduce bureaucratic compliance requirements for many organizations
and provide a single set of compliance laws across Europe. At the same time, it
would impose a greater responsibility on organizations to protect against and
acknowledge data breaches, introducing stiffer penalties for organizations that
fall short of the legal requirements. This would be no bad thing. Senior
management need to act to stop the flow of sensitive information that is leaking
out of organizations. The right information policies and procedures need to be
in place. All too often, it seems that organizations are mopping the floor after
the leak.

In particular, the draft EU proposal includes four requirements that would,
if adopted, have a far-reaching impact on all organizations that do business in
Europe.
- A mandatory notification of breaches. This recommends that both the
relevant Data Protection Authorities (DPAs) - [in the UK's case this would be
the ICO] - and all affected individuals have to be notified within
24 hours of a data security breach, including unauthorised destruction or
loss. The data protection authorities must be notified even in the absence of
any risk of harm to data.
This requirement raises a number of important
questions including the need for data breach thresholds: does this requirement
apply to the loss of a single record, for example, and would there be a longer
time limit if the data breach involved the loss of millions of customer
records? It also raises the question as to whether public and private sector
organizations would be able and indeed willing, to self-regulate.
- All public sector organizations, and private sector organizations with
more than 250 employees, to have a named data protection officer. This could
have significant resource, training and recruitment implications for many
organizations. One option could be to add the responsibility to the remit of
an appropriately skilled employee.
- Regulatory authorities would have powers to impose fines of up to 1 million
Euros - or two percent of turnover for private sector
organizations - for failures to comply with the regulation. That
the EU is prepared to authorise this level of punishment highlights just how
seriously data protection is to be taken.
- Give individuals the 'right to be forgotten'. In essence, it states that
individuals should have greater control over their data and be allowed to
demand the removal or deletion of personal records from any organization that
holds them. If adopted, this requirement would have immense resource
implications for organizations and could be time-consuming and complex to
implement, particularly where it relates to the fast-moving world of social
media. However, the small print suggests that this right is a 'qualified'
one.

03/13/2012 - Proposed new mandated compliance for executive and CIO compensation
There is an entirely new and potentially more invasive accounting-related
influence on executive compensation (including that of CIOs), in the form of
proposed amendments to Public Company Accounting Oversight Board (PCAOB)
auditing standards. If adopted, the proposed amendments could spur corporate
auditors to force changes to compensation programs due to unacceptable risks of
material misstatement, an increased risk of fraud, or both.

Executive compensation
is not a new area for the PCAOB. Auditing Standard No. 12, "Identifying and
Assessing Risks of Material Misstatement," currently states that "the auditor
should consider performing . . . procedures and the extent to which the
procedures should be performed [to] obtain an understanding of compensation
arrangements with senior management, including incentive compensation
arrangements, changes or adjustments to those arrangements, and special
bonuses."
The increased scrutiny would not be limited to just reviewing more documents.
The proposed amendments also would require the auditors to consider contacting
persons who are involved in executive-compensation decisions but not in
financial audits - such as the compensation committee chair, the outside
compensation consultant, and human-resources personnel - to better
understand the company's executive-compensation structure. Auditing procedures
would also target the authorization and approval process for executive
perquisites and reimbursement arrangements.

03/01/2012 - Security breaches can go undetected for a long time

Over 90 percent of data
breaches are the result of external attacks and almost 60 percent of
organizations discovered them months or years later, Verizon said in a report
released at the RSA security conference.
According to the report, the use of default or stolen credentials was one of
the primary methods that attackers used to gain access to data in 2011. Some
organized crime groups have automated their attacks to scan for very specific
ports, like those for remote desktop, pcAnywhere and similar products, and then
they try to log in with common or stolen passwords.
This problem is common with small businesses that outsource the
administration of their IT systems to third parties who offer remote support.
These organizations should implement some type of access control for remotely
accessible systems, like restricting which IPs are allowed to connect to
them.
Web-based attacks like SQL injection have a lower frequency and didn't even
make the top 10 list on the annual report that will be published later this
year, Baker said. The rate of SQL injection attacks is usually much higher for
financial services organizations.
Janco's Security
Manual for the Internet and Information Technology is over 240 pages in
length. The template is compliant with ISO 27000 (formerly ISO 17799),
Sarbanes-Oxley, Patriot Act and HIPAA and includes a PCI DSS Audit program.

One problem that doesn't seem to improve from year to year has to do with breach discovery. It takes
the majority of organizations months to discover a breach and some of them even
take years.

02/27/2012 - Cybersecurity now a CEO concern

Cybersecurity is not
just an IT issue; that is not how your adversaries are looking at it. Using IT
happens to be the way they get into networks. Technology is only one aspect.
Organizations need to look at it as a foreign intelligence collection effort.
Bottom line, cybersecurity needs to be top-down driven, from the head of the
agency or a CEO on down. Only then will the enterprise be adequately protected.
